TNC: Fixed TNC when using EAP-TTLS with non-EAP Phase 2
authorJouni Malinen <j@w1.fi>
Sun, 9 Mar 2008 10:04:10 +0000 (12:04 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 9 Mar 2008 10:04:10 +0000 (12:04 +0200)
Need to process EAP AVP after the non-EAP Phase 2 method. In addition,
EAP-TTLS/MSCHAPv2 needs special code for handling the starting of TNC after
extra roundtrip of MSCHAPv2 success message.

src/eap_peer/eap_ttls.c

index a3ded89ac4f7715be7b737163f2fe39307498725..39a9f0a35d4d6ee5766c1c0d46b5c9313c36d5b2 100644 (file)
@@ -991,7 +991,7 @@ static int eap_ttls_phase2_request(struct eap_sm *sm,
                }
        }
 
-       switch (data->phase2_type) {
+       switch (phase2_type) {
        case EAP_TTLS_PHASE2_EAP:
                res = eap_ttls_phase2_request_eap(sm, data, ret, hdr, resp);
                break;
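Review bot: The switch now dispatches on the local `phase2_type`, but its assignment is above this hunk, so a reader cannot tell from here when it differs from `data->phase2_type`. A one-line comment on the switch would help, e.g. `/* local copy: may be overridden for this round, see above */`. The rest of eap_ttls_phase2_request lies outside the hunk and is worth checking for any remaining reads of `data->phase2_type` that should use the local as well.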
@@ -1334,6 +1334,15 @@ static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
        }
 
        if (parse->mschapv2 == NULL) {
+#ifdef EAP_TNC
+               if (data->phase2_success && parse->eapdata) {
+                       /*
+                        * Allow EAP-TNC to be started after successfully
+                        * completed MSCHAPV2.
+                        */
+                       return 1;
+               }
+#endif /* EAP_TNC */
                wpa_printf(MSG_WARNING, "EAP-TTLS: no MS-CHAP2-Success AVP "
                           "received for Phase2 MSCHAPV2");
                return -1;
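Review bot: The new early `return 1` in the `parse->mschapv2 == NULL` branch accepts a Phase 2 message without an MS-CHAP2-Success AVP on the strength of `data->phase2_success` alone, so it is only safe if that flag is set exclusively after the server's authenticator response has been verified. Where the flag is set is outside this hunk and should be confirmed. The comment should state that invariant, e.g. `/* phase2_success is set only after MS-CHAP2-Success was verified, so a following EAP AVP may start EAP-TNC without a second Success AVP. */`. The branch is also silent, so a `wpa_printf(MSG_DEBUG, "EAP-TTLS: MSCHAPV2 already completed; processing EAP AVP for TNC");` before the return would make this path visible in logs. The same `data->phase2_success && parse->eapdata` test is repeated in the caller in the third hunk, so the two conditions have to be kept in step.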
@@ -1435,9 +1444,7 @@ static int eap_ttls_process_decrypted(struct eap_sm *sm,
        case EAP_TTLS_PHASE2_MSCHAPV2:
                res = eap_ttls_process_phase2_mschapv2(sm, data, ret, parse);
 #ifdef EAP_TNC
-               if (res == 1 && parse->eapdata &&
-                   ret->methodState == METHOD_DONE &&
-                   ret->decision == DECISION_UNCOND_SUCC) {
+               if (res == 1 && parse->eapdata && data->phase2_success) {
                        /*
                         * TNC may be required as the next
                         * authentication method within the tunnel.
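Review bot: The guard no longer reads `ret->methodState` or `ret->decision`, so nothing in the visible lines shows what state those are in when TNC is started. If the MSCHAPv2 step left them at `METHOD_DONE` / `DECISION_UNCOND_SUCC`, the body has to move them back before the TNC exchange, otherwise the method could be reported as finished while TNC is still pending. The body continues past this hunk, so confirm the reset is there. The comment could also say so, e.g. by adding `Authentication is not final until TNC completes.`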